Systems and methods for providing security to different functions

ABSTRACT

Methods and systems are provided that use smartcards, such as subscriber identity module (SIM) cards to provide secure functions for a mobile client. One embodiment of the invention provides a mobile communication network system that includes a mobile network, a mobile terminal, a server coupled to the mobile terminal via the mobile network, and a subscriber identity module (SIM) card coupled to the mobile terminal. The SIM card includes a first key and a second key. The first key is used to authenticate an intended user of the mobile terminal to the mobile network. Upon successful authentication of the intended user to the mobile network, the mobile terminal downloads a function offered from the server through the mobile network. The second key is then used by the mobile terminal to authenticate the intended user to the downloaded function so that the intended user can utilize the function.

CROSS-REFERENCE TO RELATED APPLICATION(S)

This application claims priority to and the benefit of U.S. ProvisionalApplication No. 60/621,288, filed Oct. 22, 2004, the entire content ofwhich is incorporated herein by reference.

FIELD OF THE INVENTION

The invention relates generally to the field of data communications and,more particularly, to systems and methods for providing secure functionson mobile terminals using smartcards, such as subscriber identity module(SIM) cards.

BACKGROUND OF THE INVENTION

Currently, cables and wires are predominately used in communicationnetworks for transferring information such as voice, video, data, etc.from one device to another. Devices on a communication network cangenerally be categorized as two types: servers and clients. Thosedevices that provide services/functions to other devices are servers;the devices that connect to and utilize the provided services/functionsare clients. Generally in a wired network, authentication of a user foraccessing a wired network, such as a local area network (LAN), canrequire the user to sign-on by providing information such as a loginidentification and a password on a client. And because each clientwithin the wired network is physically connected to the network and canhave a unique address, a communication session between a server on thewired network and the client is generally secure.

However, there is a growing desire to have network clients be portableor to have a mobile client that can operate beyond a definedenvironment. In contrast to wired clients, wireless or mobile clientscan establish a communication session with a server without beingphysically connected to cables or wires. Accordingly, information suchas voice, video, and data are transmitted and received wirelessly fromone device to another and the information can be intercepted or tamperedwith by an impersonator posing as an intended user. Therefore, one wayto ensure security within a mobile communication network would be toprovide a system and method that can authenticate and identify theintended user to the mobile communication network supplying theservices/functions.

In addition, as the development of mobile communication networktechnology continues to advance, various functions that can bedownloaded through the mobile communication network to a mobile clienthave also advanced. These advanced functions (e.g., a call waitingfunction, a caller identification function, a music playing function,etc.) may require a higher level of security. Thus, there is also a needto provide additional security or securities for these advance functionsto an intended user that goes beyond authenticating the intended user tothe mobile communication network that is supplying the functions.

SUMMARY OF THE INVENTION

The invention relates to systems and associated methods for providingsecured functions to mobile clients using smartcards, such as subscriberidentity module (SIM) cards (but not exclusively). For example, a mobilenetwork architecture constructed according to the invention providessecure provision and storage of keys and provides decryption andencryption of functions that are downloaded to a mobile client over amobile network with additional security or securities.

One embodiment of the invention provides a communication system forproviding secure mobile terminal functions. The mobile system includes amobile network, a mobile terminal coupled to the mobile network, afunction capsule including a function of the mobile terminal, and asmartcard. The smartcard is coupled to the mobile terminal and includesa first key and a second key. The first key is used to authenticate anintended user of the mobile terminal to the mobile network and todownload the function capsule from the mobile network to the mobileterminal. The second key is used to authenticate the intended user tothe function capsule on the mobile terminal.

In addition, the smartcard may include one or more encryption keys forencrypting and decrypting the data transmitted between the mobileterminal and the mobile network.

The keys on a smartcard of the invention may be provided through a keywriting or burning site (e.g., a music retailer, a mobile phoneretailer, etc). The key writing or burning site may be connected to anauthentication server (and/or another server) via a network (e.g., theInternet) so that a new authentication key or keys can be written and/orburned into the smartcard. In one embodiment, the key writing or burningsite allows an intended user to purchase a desired function and burnsand/or writes a key into the smartcard to authenticate the user to thedesired function.

One embodiment of the invention provides a method for providing securefunctions to a mobile client. The method includes transmitting a firstrandom number from within a mobile network to a mobile client. Themobile client computes a first response based on the transmitted firstrandom number using a first key in the mobile client. The mobile clientthen transmits the first response to the mobile network. The mobilenetwork then calculates a first value based on the first random numberusing a copy of the first key. If the first response does not agree withthe first value, access of the mobile client to the mobile network isterminated. If the first response agrees with the first value, afunction capsule is downloaded from the mobile network to the mobileclient. A second random number is then provided from the downloadedfunction capsule to the mobile client. The mobile client then computes asecond response based on the second random number using a second key.The downloaded function capsule then calculates a second value based onthe second random number using a copy of the second key. If the secondresponse does not agree with the second value, access of the mobileclient to the downloaded function capsule is denied. If the secondresponse agrees with the second value, the mobile client is allowedaccess to the downloaded function capsule (and/or is able to utilize afunction of the mobile client downloaded with the function capsule).

A more complete understanding of the systems and methods for providingsecurity to different functions will be afforded to those skilled in theart, as well as a realization of additional advantages and objectsthereof, by a consideration of the following detailed description.Reference will be made to the appended sheets of drawings which willfirst be described briefly.

BRIEF DESCRIPTION OF THE DRAWINGS

These and other features, aspects and advantages of the presentinvention will be more fully understood when considered with respect tothe following detailed description, appended claims and accompanyingdrawings, wherein:

FIG. 1 is a schematic diagram of a mobile communication networkarchitecture pursuant to aspects of the invention;

FIG. 2 is a more detailed schematic diagram of a mobile client of FIG.1;

FIG. 3 is a more detailed schematic diagram of a switching center ofFIG. 1;

FIG. 4 is a schematic diagram of another mobile communication networkarchitecture pursuant to aspects of the invention;

FIG. 5 is a more detailed schematic diagram of a mobile client of FIG.4;

FIG. 6 is a detailed schematic diagram of a first embodiment of afunction capsule of FIG. 5;

FIG. 7 is a detailed schematic diagram of a second embodiment of afunction capsule of FIG. 5;

FIG. 8 is a detailed schematic diagram of a third embodiment of afunction capsule of FIG. 5;

FIG. 9 is a detailed schematic diagram of an embodiment of a pluralityof function capsules of FIG. 5;

FIG. 10 is a schematic diagram of yet another mobile communicationnetwork architecture pursuant to aspects of the invention;

FIG. 11 is a schematic diagram of a system and method for providing keysto a subscriber identity module (SIM) card pursuant to aspects of theinvention;

FIG. 12 is a flowchart representative of one embodiment of operationspursuant to aspects of the invention;

FIG. 13 is a schematic diagram of an embodiment of a key managementsystem that incorporates stateless key management modules (or statelessmodules) pursuant to aspects of the invention; and

FIG. 14 is a schematic diagram of a key transfer embodiment between astateless module and a smartcard pursuant to aspects of the invention.

DETAILED DESCRIPTION OF THE INVENTION

The invention is described below, with reference to detailedillustrative embodiments. It will be apparent that the invention can beembodied in a wide variety of forms, some of which may be quitedifferent from those of the disclosed embodiments. Consequently, thespecific structural and functional details disclosed herein are merelyrepresentative and do not limit the scope of the invention.

FIG. 1 is a block diagram of a mobile communication network architecturethat uses a smartcard for authentication and/or encryption. Exemplaryembodiments of the present invention can be applied to the networkarchitecture of FIG. 1, as well as other suitable architectures.

The network architecture of FIG. 1 includes mobile network 10 thatfacilitates communications between one or more mobile clients, such asmobile client 12, and one or -more servers 14 (e.g., 14 a, 14 b, and/or14 c). Mobile network 10 may be a wireless communications system thatsupports the Global System for Mobile Communications (GSM) protocol.However, other multi-access wireless communications protocol, such asGeneral Packet Radio Services (GPRS), High Data Rate (HDR), WidebandCode Division Multiple Access (WCDMA) and/or Enhanced Data Rates for GSMEvolution (EDGE), may also be supported. Mobile client 12 may be anydevice that is adapted for wireless communications with mobile network10, such as a cellular telephone, pager, personal digital assistant(PDA), vehicle navigation system, and/or portable computer.

Mobile network 10 includes one or more base stations 16 (e.g., 16 a, 16b, and/or 16 c) and switching center 18. Mobile network 10 connectsmobile client 12 to servers 14 a, 14 b, and/or 14 c either directly (notshown) and/or through second network 20, such as a Public SwitchedTelephone Network (PSTN), an Integrated Services Digital Network (ISDN),a Packet Switched Public Data Network (PSPDN), a Circuit Switched PublicData Network (CSPDN), a local area network (LAN), the Internet, etc.Mobile network 10 is operated by a carrier that has an establishedrelationship with an intended user (or subscriber) of mobile client 12to use the wireless services provided through mobile network 10.

Referring now to FIG. 2, mobile client 12 includes mobile terminal 122(e.g., a mobile equipment or a phone) and smartcard 124. Morespecifically, smartcard 124 of FIG. 2 is a Subscriber Identity Module(SIM). SIM (or SIM card) 124 contains encryption key 126 a that encryptsvoice and data transmissions to and from mobile network 10 andauthentication key 126 b that specifies an intended user so that theintended user can be identified and authenticated to mobile network 10supplying the mobile services. SIM 124 can be moved from-one mobileterminal 122 to another terminal (not shown) and/or different SIMs canbe inserted into any terminal, such as a GSM compliant terminal (e.g., aGSM phone).

To provide additional security, mobile terminal 122 may include anInternational Mobile Equipment Identity (IMEI) that uniquely identifiesmobile terminal 122 to network 10. SIM card 124 may be further protectedagainst unauthorized use by a password or personal identity number.

Referring now back to FIG. 1, each base station 16 a, 16 b, 16 cincludes radio a transceiver that defines a cell and handles theradio-link protocols with mobile client 12. A base station controller(not shown) may also be coupled between one or more base stations 16 a,16 b, 16 c and switching center 18 to manage the radio resources for oneor more base stations 16 a, 16 b, 16 c. The base station controller mayhandle radio-channel setup, frequency hopping, and handovers (e.g., asthe mobile client moves from one base station coverage area or cell toanother).

The central component of mobile network 10 is switching center 18.Switching center 18 acts like a normal switching node, such as aswitching node in a PSTN or ISDN, and additionally provides all thefunctionality needed to handle an intended mobile user (subscriber),such as registration, authentication, location updating, handovers, andcall routing to a roaming subscriber. In FIG. 1, it is switching center18 that provides the connection of mobile client 12 to second network 20(such as the LAN, the PSTN, the ISDN etc).

Referring now to FIG. 3, switching center 18 includes equipment identityregister 182 and authentication register 184. Identity register 182includes a database that contains a list of all valid mobile terminals(e.g., 122 of FIG. 2) on network 10, where each mobile client (e.g., 12)is identified by its International Mobile Equipment Identity (IMEI). AnIMEI is marked as invalid if it has been reported stolen or is not typeapproved. Authentication register 184 is a protected database thatstores copies 126 a′, 126 b′ of the secret keys (e.g., 126 a, 126 b)stored in each intended user's (or subscriber's) SIM card (e.g., 124),which are used for authentication of an intended user andencryption/description of data transmitted over a radio channel ofmobile network 10.

Specifically, referring now also to FIGS. 1 and 2, mobile network 10 canbe a GSM compliant network that authenticates the identity of anintended user through the use of a challenge-response mechanism. A128-bit random number is sent to mobile client 12 from mobile network10. Mobile client 12 computes a 32-bit signed response based on therandom number sent to mobile client 12 with an authentication algorithmusing individual subscriber authentication key 126 b. Upon receiving thesigned response from mobile client 12, mobile network 10 repeats thecalculation to verify the identity of the user. Note that individualsubscriber authentication key 126 b is not transmitted over the radiochannel. It should only be present in SIM card 124, as well asauthentication register 184. If the signed response received by network10 agrees with the calculated value, mobile client 12 has beensuccessfully authenticated and may continue. If the values do not match,the connection to network 10 is terminated.

In addition, SIM card 124 of FIGS. 1, 2, and 3 contains encryption key126 a. Encryption key 126 a is used to encrypt and decrypt the datatransmitted between mobile client 12 and mobile network 10. Theencryption of the voice and data communications between mobile client 12and network 10 is accomplished through use of an encryption algorithm.An encrypted communication is initiated by an encryption request commandfrom mobile network 10. Upon receipt of this command, mobile client 12begins encryption and decryption of data using the encryption algorithmand encryption key 126 a.

As envisioned, an embodiment of the present invention providesadditional security and/or securities to functions downloaded from amobile communication network to a mobile client using a SIM card thatgoes beyond authenticating an intended user to the mobile communicationnetwork and encrypting/decrypting data to and from the network.

Referring to FIG. 4, a mobile communication network architecturepursuant to the present invention includes mobile network 410 thatfacilitates communications between one or more mobile clients, such asmobile client 412, and one or more servers 414 a, 414 b, 414 c. Mobilenetwork 410 may be a wireless communications network similar to themobile network of FIG. 1, as well as other suitable networks.

In particular, mobile network 410 of FIG. 4 includes copies 426 a′, 426b′ of secret keys 426 a, 426 b stored in SIM card 424. Keys 426 a, 426b, 426 a′, 426 b′ are used for authenticating the intended user of SIMcard 424 to mobile network 410 and encryption/decryption of datatransmitted between mobile network 410 and mobile client 412 viacommunication link 510. Copies 426 a′, 426 b′ of the secret keys may bestored in an authentication register (e.g., register 184 of FIG. 3) andbe managed by a switching center (e.g., switching center 18). Inaddition, to provide an additional security, SIM (or SIM card) 424contains second authentication key 426 c for authenticating the intendeduser to one or more function capsules 418 a, 418 b, 418 c on mobileclient 412.

In one embodiment, a function capsule on mobile client 412, such asfunction capsule 418 a, includes a call waiting function of mobileclient 412. Function capsule 418 a and/or another capsule 418 b, 418 cmay also include a caller identification (ID) function of mobile client412, an e-mailing function of mobile client 412, a function forproviding a highly sensitive financial service to mobile client 412, apayment function of mobile client 412, a product/service orderingfunction of mobile client 412, a music function of mobile client 412(e.g., compressing, depressing, and/or playing functions), etc.

Also, as is shown in FIG. 4, server 414 a includes (or is coupled to)copies 418 a′, 418 b′, 418 c′ of function capsules 418 a, 418 b, 418 c.These copies 418 a′, 418 b′, 418 c′ may be downloaded to mobile client412 as capsules 418 a, 418 b, 418 c on mobile client 412. In oneembodiment, capsules 418 a, 418 b, 418 c of mobile client 412 aredownloaded from server 414 a via mobile network 410 after the intendeduser has been authenticated to mobile network 410 using secret keys 426a, 426 b on SIM card 424.

Referring now to FIGS. 4 and 5, mobile client 412 includes mobileterminal 422 (e.g., a phone, a PDA, etc.) and Subscriber Identity Module(SIM) 424. SIM (or SIM card) 424 contains encryption key 426 a thatencrypts voice and data transmissions to and from mobile network 410 andauthentication key 426 b that specifies an intended user so that theintended user can be identified and authenticated to mobile network 410.In addition, SIM 424 includes one or more additional keys (e.g., 426 c,426 d, etc.) to authenticate the intended user to one or more functioncapsules 418 a, 418 b, 418 c stored in mobile terminal 422.

Specifically and referring now to FIGS. 5 and 6, a function capsule onmobile terminal 422, such as function capsule 418 a, includes anauthentication module 555. Authentication module 555 is a capsulefacility that can be downloaded to mobile client 412 and be used forensuring legitimacy of a user and/or for associating the legitimate (orintended) user to its desired function 515 on the function capsule.

In particular, authentication module 555 includes (or is coupled to)function authentication register 584. Function authentication register584 is a storage facility of authentication module 555 that storescopies 426 c′, 426 d′ of secret keys 426 c, 426 d of SIM card 424. Usingcopies 426 c, 426 d of the secret keys, authentication module 555 canauthenticate the intended user to function 515 stored in the functioncapsule. In one embodiment, key 426 c′ is used for accessing (and/ordecrypting) the function capsule and key 426 d′ is used forauthenticating the intended user to function 515 of the function capsuleso that the user can utilize function 515.

Referring now to FIGS. 5 and 7, a function capsule in another embodimentof the present invention includes first function 615 a, second function615 b, and authentication module 655. In this embodiment, authenticationmodule 655 includes copies 426 c′, 426 d′ of secret keys 426 c, 426 dstored in SIM card 424. In addition, authentication module 655 includescopy 426 e′ of secret key 426 e of SIM card 424. Using these threesecret keys 426 c′, 426 d′, 426 e′, authentication module 655 canauthenticate the intended user to a particular function from theplurality of functions 615 a, 615 b stored in the function capsule. Inparticular, key 426 c′ may be used for authenticating the intended userto the function capsule, key 426 d′ may be used for authenticating theintended user to utilize function 615 a, and key 426 e′ may be used forauthenticating the intended user to utilize function 615 b.

Referring now to FIGS. 5 and 8, a function capsule in yet anotherembodiment of the present invention includes first function 715 a,second function 715 b, and authentication module 755. Likeauthentication module 655 of FIG. 7, authentication module 755 alsoincludes copies 426 c′, 426 d′, 426 e′ of secret keys 426 c, 426 d, 426e stored in SIM card 424. However, unlike the embodiment of FIG. 7, herea first key (e.g., key 426 d′) must first be used for authenticating theintended user to utilize first function 715 a before a second key (e.g.,key 426 e′) can be used for authenticating the intended user to utilizesecond function 715 b.

Referring now to FIGS. 5 and 9, a further embodiment of the presentinvention includes function capsule 818 b within function capsule 818 a.Specifically, function capsule 818 a includes first function 815 a andfirst authentication module 855 a. First function 815 a includes secondfunction 815 b and second authentication module 855 b. In thisembodiment, first authentication module 855 a includes copies 426 c′,426 d′ of secret keys 426 c, 426 d stored in SIM card 424 and secondauthentication module 855 b includes copies 426 e′, 426 x′ of secretkeys 426 e, 426 x′ stored in SIM card 424. Here, key 426 c′ may be usedfor accessing first function 815 a, key 426 d′ may used forauthenticating the user to utilize first function 815 a, key 426 e′ maybe used for accessing second function 815 b, and key 426 x′ may be usedfor authenticating the user to utilize second function 815 b.

Moreover, to provide additional protection, FIG. 10 shows that SIM card924 coupled to mobile terminal 922 includes network key 926 a, serverkey 926 b, and capsule key 926 c. Mobile network 910 includes copy 926a′ of network key 926 a to authenticate an intended user to mobilenetwork 910. Server 914 includes copy 926 b′ of server key 926 b toauthenticate the intended user to server 914 (e.g., a data server).Function capsule 918 downloaded to mobile terminal 922 (e.g., fromserver 914 via mobile network 910) includes copy 926 c′ of capsule key926 c to authenticate the intended user so that the intended user canutilize a function of function capsule 918 on mobile terminal 922.

In addition, and/or in an alternative to the above described embodiment,server 914 of FIG. 10 (and/or another server) may be used to revoke (orerase) key 926 a, key 926 b, and/or key 926 c in SIM card 924 using key926 b′ (and/or another key). In one embodiment, keys 926 a, 926 b, 926 c(or another key) in SIM card 924 may be revoked wirelessly via mobilenetwork 910.

Referring now to FIG. 11, an embodiment for providing keys to SIM card1024 of an intended user pursuant to the present invention is shown. Theembodiment includes key writing or burning site 1000 (e.g., a musicretailer, a mobile phone retailer, etc.). Key writing or burning site1000 may be connected to authentication server 1050 (and/or anotherserver) via network 1020 (e.g., the Internet) so that copy 1026′ of newauthentication key (or keys) 1026 can be written and/or burned into SIMcard 1024. Key writing or burning site 1000 can be made accessible tothe intended user at a time when SIM card 1024 is purchased, at a timewhen the intended user desires to receive a function (e.g., a musicplaying function, a call waiting function, a caller identificationfunction, etc.), and/or any other time. Specifically, in one embodiment,key writing or burning site 1000 allows the intended user to purchase adesired function for a mobile client and burns and/or writesauthentication key 1026′ into SIM card 1024 to authenticate the user tothe desired function upon the purchase of the function.

In addition, key writing or burning site 1000 may be connected to SIMcard 1024 via a mobile network (e.g., network 10, 410, and/or 910) andthen wirelessly burns and/or writes copy 1026′ of new authentication key1026 into SIM card 1024. Further, authentication key 1026 (and/oranother key) in server 1050 may be used to later revoke (or erase) copy1026′ of key 1026 written into SIM card 1024. In one embodiment, copy1026′ of key 1026 may be revoked wirelessly (e.g., via the mobilenetwork that was used to write copy 1026′ of key 1026 into SIM card1024).

In general, according to the foregoing, the invention provides a methodfor providing secure functions to a mobile client using a SIM card, asdiagramed in FIG. 12. At block 1202, a random number (e.g., a 128-bitnumber) is sent to a mobile client (MC) from within a mobile network. Atblock 1204, the mobile client computes a signed response (e.g., a 32-bitresponse) based on the random number sent to the mobile client with anauthentication algorithm using a first authentication key. At block1206, upon receiving the signed response from the mobile client, themobile network repeats the calculation to verify the identity of anintended user. At block 1208, if the signed response received by thenetwork agrees with the calculated value, the mobile client has beensuccessfully authenticated and moves to block 1210. If the values do notmatch, the connection to the network is terminated.

At block 1210, a function capsule is downloaded from the mobile networkto the mobile client. At step 1212, a second random number (e.g., asecond 128-bit number) is provided to the mobile client from thedownloaded function capsule. At block 1214, the mobile client computes asecond signed response (e.g., a second 32-bit response) based on therandom number provided to the mobile client with a second authenticationalgorithm using a second authentication key. At block 1216, using a copyof the second authentication key, the downloaded function capsulerepeats the calculation to verify the identity of the intended user. Atblock 1218, if the signed response agrees with the calculated value, themobile client has been successfully authenticated and moves to block1220 to access the downloaded function capsule (and/or to utilize afunction of the downloaded function capsule). If the values do notmatch, the access to the downloaded function capsule is denied.

In addition, one or more encryption keys may be used to encrypt anddecrypt the data communicated between the mobile client and the mobilenetwork and/or between the mobile client and the function capsule. As anexample, encryption of the voice and data communications can beaccomplished through use of an encryption algorithm. The mobile clientbegins encryption and decryption of data using the encryption algorithmand one or more of the encryption keys.

Moreover, an authentication server and/or another server may be used toremotely revoke the second authentication key and/or another key (e.g.,the first authentication key) via the mobile network.

Lastly, an authentication and/or encryption key may have a private keyand a related but different public key, a copy of which is madeavailable outside the SIM card. A challenge may then be supplied to theSIM card and a response is generated using the private key. The responsemay be checked by the use of the related public key. Thus, if theprivate key is held only within the SIM card then only the SIM card cangenerate an authentication response that would work with the public keyvalue.

Referring now to FIG. 13, an embodiment of a key management system thatincorporates stateless key management modules (hereafter referred to asstateless modules or SMs for convenience) is illustrated. In FIG. 13,smartcard 1300 (e.g., a hardware security module or a SIM) is configuredto manage multiple remote stateless modules (or SMs) 1310.

Stateless modules may provide key enforcement and/or usage functionsthat are, in effect, separated out from the main key managementfunctions provided by a smartcard. For example, a smartcard may provideall of the services for secure key management such as generating anddestroying keys, establishing and enforcing key policy, using keys,providing key backup and secure key storage and communicating withpeers. Inherently, these operations require that the smartcard keeptrack of its current state. For example, the smartcard must keep trackof all keys it generated and it must maintain state informationassociated with each of these keys. This information may be used, forexample, to determine the entity to which each key was issued and whento destroy or revoke keys. In contrast, the stateless modules provide amechanism for securely receiving keys and using keys. The statelessmodules do not generate keys or conduct peer-to-peer communication.Consequently, they typically must communicate with a key manager toobtain the keys needed by a mobile client (e.g., a mobile phone device,a PDA, etc.).

A stateless module does not need to maintain state information toreceive keys and use keys. When a stateless module boots up, the onlykey information it has is an identity key that was stored in nonvolatilememory. However, this information is stateless because it never changes.To perform its tasks, the stateless module may be configured toestablish a secure connection with a smartcard using its identity key.This secure connection enables the stateless module to perform the basicoperations of receiving and using keys and/or data. These operations donot, however, require that the stateless module maintain the state ofthese keys. Rather, the stateless module merely needs to use the keyswithin a secure boundary and enforce any policy received with the key.As an example, after the smartcard securely sends keys to the statelessmodule these keys may be used to decrypt data and/or keys for a mobileclient (e.g., a mobile phone device, a PDA, etc.). In addition, thestateless module may send secured (e.g., encrypted and/or authenticated)data to a designated device via a secure connection.

The stateless module provides a secure usage environment that may beremotely separated from, yet cryptographically secured to (e.g., usingoperations that may include encryption, decryption, authentication,etc.), the smartcard. In particular, keys and data within the statelessmodule are protected by hardware (e.g., the physical constraintsprovided by the integrated circuit, aka chip). In addition, thestateless module may be configured to prevent the keys and data frombeing exported from the chip without encryption (or in the clear).Moreover, as illustrated in FIG. 14, a key transfer protocol may beestablished between stateless module 1410 and smartcard 1400 to allowkeys generated in smartcard 1400 to be securely transferred to statelessmodule 1410.

As is shown in FIG. 14 (and discussed above), encrypted link(communication channel) 1430 may be used to effectively extend thesecurity boundary of smartcard 1400 to include the stateless module1410. Encrypted link 1430 allows for key material to be transferred overan insecure communication medium (i.e. network and/or Internet) betweensmartcard 1400 and stateless module 1410.

FIG. 14 also illustrates that stateless module 1410 may receiveencrypted key material from smartcard 1400 for use with localcryptographic accelerator 1440. Cryptographic accelerator 1440 also maybe implemented within the effective security boundary. For example,cryptographic accelerator 1440 and stateless module 1410 may beimplemented on the same integrated circuit. Alternatively, keys and datatransferred between these components may be encrypted.

Thus, cleartext and ciphertext may be sent to cryptographic accelerator1440 without exposing the key material outside of the security boundary.As a result, any key material that is decrypted locally by statelessmodule 1410 may never be exposed outside the security boundary.

Typically, a stateless module is embedded inside a mobile client thatuses cryptographic services. For example, the stateless module may beimplemented in mobile clients or end-user devices, such as cell phones,laptops, etc., that need some form of data security. The statelessmodule should be integrated into other chips (e.g., a main processor)within these devices. In this way, the stateless module may provide costeffective remote key management for a mobile client (e.g., a mobilephone device, a PDA, etc.). The security boundary to this mobile clientis contained and managed through the stateless module by the smartcardkey management system with minimal impact on the rest of the mobileclient.

To support the above described key management scheme (i.e., to provide ahigh level of security at a relatively low cost, while consuming arelatively small amount of space on a mobile client), a stateless moduleprovides mechanisms for securely loading one or more keys into thestateless module, securely storing the keys and securely using the keys.Embodiments of exemplary stateless modules that provide such mechanismsare provided in copending patent application Ser. No. 60/615,290,entitled Stateless Hardware Security Module, filed on Oct. 1, 2004, andassigned to the assignee of the present application, the entire contentof which is incorporated herein by reference.

While certain exemplary embodiments have been described in detail andshown in the accompanying drawings, it is to be understood that suchembodiments are merely illustrative of and not restrictive of the broadinvention. It will thus be recognized that various modifications may bemade to the illustrated and other embodiments of the invention describedabove, without departing from the broad inventive scope thereof. Forexample, a system using SIM cards and GSM mobile network has beenillustrated, but it should be apparent that the inventive conceptsdescribed above would be equally applicable to systems that use othertypes of smartcards and/or other types of mobile network. In view of theabove it will be understood that the invention is not limited to theparticular embodiments or arrangements disclosed, but is rather intendedto cover any changes, adaptations or modifications which are within thescope and spirit of the invention as defined by the appended claims andequivalents thereof.

1. A communication system for providing secure mobile terminalfunctions, the system comprising: a mobile network; a mobile terminalcoupled to the mobile network; a function capsule including a firstfunction; and a smartcard coupled to the mobile terminal, the smartcardhaving a first key and a second key; wherein the first key is used toauthenticate an intended user of the mobile terminal to the mobilenetwork and to download the function capsule from the mobile network tothe mobile terminal; and wherein the second key is used to authenticatethe intended user to the function capsule on the mobile terminal.
 2. Thecommunication system of claim 1, wherein the mobile network includes acopy of the first key to authenticate the intended user to the mobilenetwork and wherein the function capsule includes a copy of the secondkey to authenticate the intended user to the function capsule.
 3. Thecommunication system of claim 1, wherein the downloaded function capsulefrom the mobile network is encrypted and wherein the smartcard includesa third key for decrypting the downloaded function capsule.
 4. Thecommunication system of claim 1, wherein the first function provides acall waiting service to the mobile terminal.
 5. The communication systemof claim 1, wherein the first function provides an e-mailing service tothe mobile terminal.
 6. The communication system of claim 1, wherein thefirst function provides a financial data service to the mobile terminal.7. The communication system of claim 1, wherein the smartcard includes athird key and wherein the third key authenticates the intended user toutilize the first function of the function capsule after the second keyhas authenticated the intended user to the function capsule.
 8. Thecommunication system of claim 7, wherein the smartcard includes a fourthkey, wherein the functional capsule comprises a second function, andwherein the fourth key authenticates the intended user to utilize thesecond function of the function capsule.
 9. The communication system ofclaim 8, wherein the fourth key authenticates the intended user toutilize the second function of the function capsule after the third keyhas authenticated the intended user to utilize the first function of thefunction capsule.
 10. The communication system of claim 9, wherein thefirst function provides an e-mailing service to the mobile terminal andwherein the second function provides a financial data e-mailing serviceto the mobile terminal.
 11. The communication system of claim 8, whereinthe third key does not authenticate the intended user to utilize thesecond function of the function capsule.
 12. The communication system ofclaim 7, wherein the function capsule comprises an authentication moduleand wherein the authentication module includes a copy of the second keyto authenticate the intended user to the function capsule and a copy ofthe third key to authenticate the intended user to utilize the firstfunction of the function capsule.
 13. The communication system of claim1, further comprising a second network, an authentication server, and akey writing site coupled to the authentication server via the secondnetwork, wherein the key writing site is used to write the second keyinto the smartcard at a time when the intended user desires to utilizethe first function of the function capsule and wherein the second key isprovided from the authentication server to the key writing site.
 14. Thecommunication system of claim 13, wherein the authentication serverincludes a third key to revoke the second key written into the smartcardof the intended user.
 15. The communication system of claim 14, whereinthe second key is wirelessly revoked by the authentication server viathe mobile network.
 16. The communication system of claim 1, furthercomprising a server coupled to the mobile terminal via the mobilenetwork, wherein the function capsule is downloaded over the mobilenetwork from the server.
 17. The communication system of claim 16,wherein the server includes a third key to revoke the second key of thesmartcard.
 18. The communication system of claim 17, wherein the secondkey of the smartcard is remotely revoked by the server via the mobilenetwork.
 19. The communication system of claim 1, further comprising akey writing site, wherein the key writing site is used to write thesecond key into the smartcard at a time when the intended user haspurchased the first function of the function capsule.
 20. Thecommunication system of claim 1, wherein at least one of the first andsecond keys comprises a private key and a public key and wherein only acopy of the public key is available outside the smartcard toauthenticate the intended user.
 21. The communication system of claim 1,further comprising a server coupled to the mobile terminal via themobile network, wherein the function capsule is downloaded over themobile network from the server and wherein the smartcard includes athird key to authenticate the intended user to access the server. 22.The communication system of claim 21, wherein the server includes afourth key to revoke one or both of the second and third keys of thesmartcard.
 23. The communication system of claim 1, wherein thesmartcard comprises a subscriber identity module (SIM) card.
 24. Thecommunication system of claim 1, further comprising a stateless modulecoupled to the smartcard and for securely receiving and using keys. 25.The communication system of claim 24, wherein the stateless moduleprovides a secure usage environment for receiving and using keys that isremotely separated from and cryptographically secured to the smartcard.26. A method for providing secure functions to a mobile client, themethod comprising: transmitting a first random number from within amobile network to a mobile client; using a first key in the mobileclient to compute a first response based on the transmitted first randomnumber; transmitting the first response to the mobile network; using acopy of the first key in the mobile network to calculate a first valuebased on the first random number; determining whether the first responseagrees with the first value; terminating access of the mobile client tothe mobile network if the first response does not agree with the firstvalue; downloading a function capsule from the mobile network to themobile client if the first response agrees with the first value;providing a second random number from the downloaded function capsule tothe mobile client; using a second key in the mobile client to compute asecond response based on the second random number; using a copy of thesecond key in the downloaded function capsule to calculate a secondvalue based on the second random number; determining whether the secondresponse agrees with the second value; denying access of the mobileclient to the downloaded function capsule if the second response doesnot agree with the second value; and granting access of the mobileclient to the downloaded function capsule if the second response agreeswith the second value.
 27. The method of claim 26, wherein mobile clientcomprises a subscriber identity module (SIM) card and wherein the firstand second keys are located within the SIM card.
 28. The method of claim26, wherein mobile client comprises a smartcard, wherein the first andsecond keys are stored within the smartcard, and wherein the smartcardis coupled to a stateless module for securely receiving and using keys.29. The method of claim 28, wherein the stateless module provides asecure usage environment for receiving and using keys that is remotelyseparated from and cryptographically secured to the smartcard.